brute force attack

I am the small business owner and runs my own web-site. I have noticed increased cracking activity against by blog. What’s the best way to block WordPress URLs such as example.com/blog/wp-login.php and example.com/blog/wp-admin/ in the nginx web-server?